Try our new research platform with insights from 80,000+ expert users

Rapid7 InsightVM vs Recorded Future comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Vulnerability Management (27th), Continuous Threat Exposure Management (CTEM) (6th)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
62
Ranking in other categories
Risk-Based Vulnerability Management (4th)
Recorded Future
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
13
Ranking in other categories
Threat Intelligence Platforms (1st), Digital Risk Protection (1st)
 

Mindshare comparison

Risk-Based Vulnerability Management
Threat Intelligence Platforms
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Mahmoud Elhamaymy - PeerSpot reviewer
Reliable scanning and integration strengthen security infrastructure
InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.
Dr. Merrick Watchorn - PeerSpot reviewer
Traceless online searches, stable, and scalable
There is a semantic oncology dynamic relationship between how the MIGR Tech framework needs more data infusion enrichment capabilities. To be clear, what the vendor is doing is of a high standard, and my only critique is that they need to make new enhancements. I am aware that the vendor is making a concerted effort to add additional information to their repository, and it is something they actively do. The vendor has publicly stated that they will work on this, and I always pay attention to make sure they adhere to that. This does not change over time. The export feature of the recording needs to stop being so restricted. When they record in order to save themselves by operations, I would expect that as a super user, if I asked to download the dataset I'm looking for, I would not be limited in my data downloads. One of the cool things is, let's say we do our entire research and we want to save all of the materials that were returned, and that special custom search that we made, we can export that into a CSV file. The problem is it gets restricted. So sometimes when I say it's restricted, we don't get all the data that we saw online. So then we have to go and manually search for the specific thing we're looking for. I would like to have the URI and whatever value set that I search off, and for the NLP package to not be stripped out. It's like saying I want to do a Pcap analysis. Don't strip out the Pcap when I asked to see Pcap. That's what they're doing. They do this for many different reasons. One of them is, imagine if everyone downloaded datasets that are very large and it brings the whole system down.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Zafran is an excellent tool."
"The solution's user interface is good and has some vulnerability prioritization."
"The feature that I have found most valuable is its dashboards."
"Customers are generally satisfied and do not ask for drastic price reductions during renewals."
"The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable."
"The most valuable features of the solution are the agent and the scanning."
"The discovery and prioritization of vulnerabilities."
"The performance is good."
"You can bring in and get online to do reports fairly quickly,"
"The intel that they were providing us over the emails was very good. If it found any hashtag in our organization's name on the dark web, a rogue IP, or a marketplace, it would send us an email and notify us that this is being mentioned, and if we want, they can take some action."
"The most valuable feature of Recorded Future is how it detects everything regarding our domain."
"Recorded Future allows me to maintain very accurate alerts."
"Has the ability to conduct and build any query without limitations."
"Recorded Future has some important strengths. It has a long history of success in the market and is known for excellent threat intelligence. Its team is skilled at using AI to search for and report on threats. For many years, it was seen as the best in the industry."
"It can collect data from various sources, including social media and the dark web."
"The tool can integrate with a lot of security control and proactive protection devices."
"The most valuable feature is Recorded Future's protection of exposed customer data on the hardware side."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."
"We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was always an issue and something that definitely needed improvement."
"The solution needs to improve its vulnerability design to include CVC results."
"There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face."
"Some difficulties with the online reporting and lack of integrations."
"InsightVM is getting a little stale and is in danger of falling behind its competitors."
"Patch management is the only missing feature I can think of. Rapid7 detects vulnerabilities, but it should also help you manage patches."
"This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."
"While I don't think the tool is weak, its position isn't as dominant as it once was. Other companies like CrowdStrike and Mandiant are now challenging them in many areas. One downside is that Recorded Future can be complex for customers to use and understand. This isn't easy for clients to navigate."
"Recorded Future is a very expensive solution, and its pricing could be improved."
"There is a semantic oncology dynamic relationship between how the MIGR Tech framework needs more data infusion enrichment capabilities."
"The solution would benefit from introducing automation."
"When you add one website to Recorded Future, it should automatically call all other websites and social media platforms."
"Lacks sufficient visibility of malware and international APT attacks."
"The customer support is frustrating and not efficient. They always request logs and screenshots that seem irrelevant."
"The tool should improve its third-party supply chain risks because there is a lack of visibility."
 

Pricing and Cost Advice

Information not available
"A full license for the solution is expensive because it is at the organizational level and not by individual users."
"Its price is too high. My only concern or issue with Rapid7 is its pricing."
"In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7."
"The license is annual and this is the optimal approach when it comes to most software."
"We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
"It is less expensive compared to other competitors."
"I would rate the solution’s pricing a seven out of ten."
"The biggest disadvantage of Recorded Future is the cost here in Eastern Europe. The solution is correctly priced for big companies who have the money to invest in such solutions. Also, the solution is useless on its own, which means that you have to invest in other solutions with which Recorded Future can be integrated. At present, Recorded Future can cost 60,000 euros per year. I am able to offer my clients a 5% to 10% discount, but in this region, the cost is still prohibitive even with the discount. If Recorded Future were more flexible in terms of price, there would be better sales opportunities in Europe and Eastern Europe, in particular, because we have more small- and medium-sized companies here."
"There appear to be up to five different levels, with the most expensive version costing around $95,000 to $105,000 a year for subscription services."
"The price of the solution is worth it. The overall performance of the solution outweighs the cost."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
Manufacturing Company
7%
Retailer
6%
Educational Organization
40%
Computer Software Company
9%
Financial Services Firm
8%
Manufacturing Company
6%
Computer Software Company
15%
Financial Services Firm
14%
Government
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Rapid7 InsightVM?
Rapid7 InsightVM is expensive, possibly one of the highest in pricing among similar products.
What do you like most about Recorded Future?
The most valuable feature of Recorded Future is how it detects everything regarding our domain.
What is your experience regarding pricing and costs for Recorded Future?
I am not the person responsible for purchases, but it's known that Recorded Future is expensive, with a personal rati...
What needs improvement with Recorded Future?
Their research capabilities and the human aspect should be more effective. The Insikt Group covers a narrow range of ...
 

Also Known As

No data available
InsightVM, NeXpose
No data available
 

Overview

 

Sample Customers

Information Not Available
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Fujitsu, Regions, SITA, St. Jude Medical, Accenture, T-Mobile, TIAA, Intel Security, Armor, Alert Logic, NTT, Splunk
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management. Updated: March 2025.
848,716 professionals have used our research since 2012.